CVE-2023-47066
📋 TL;DR
Adobe After Effects versions 24.0.2 and earlier, and 23.6 and earlier, contain an out-of-bounds read vulnerability when parsing malicious files. This could allow an attacker to execute arbitrary code with the privileges of the current user. Exploitation requires user interaction, such as opening a crafted file.
💻 Affected Systems
- Adobe After Effects
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or application crash leading to denial of service, with potential for limited code execution.
If Mitigated
Application crash without code execution if memory protections are enabled, but still a denial of service.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file), making it less trivial but still feasible with crafted content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to After Effects version 24.1 or 23.6.1 as per Adobe advisory APSB23-66.
Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb23-66.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Adobe After Effects and click 'Update'.
4. Follow on-screen prompts to install the update.
5. Restart the system if required.
🔧 Temporary Workarounds
Restrict file opening
Platform: all. Limit user ability to open untrusted After Effects files by applying file type restrictions or using application control policies.
Use least privilege
Platform: all. Run After Effects with standard user privileges to limit impact if exploited.
🧯 If You Can't Patch
- Implement application whitelisting to block execution of malicious files.
- Educate users on the risks of opening untrusted After Effects files and enforce strict file handling policies.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Adobe After Effects via the application's 'About' menu or system settings.
Check Version:
On Windows: Check in 'Apps & features' or run 'wmic product get name,version | findstr /C:"After Effects"'. On macOS: Check in 'Applications' folder or use 'system_profiler SPApplicationsDataType'.
Verify Fix Applied:
Confirm the version is updated to 24.1 or 23.6.1 or later, and test with known safe files to ensure functionality.
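To apply the version check across many machines, the following added example (not part of the Adobe advisory or of this page's original content) classifies collected version strings against the fixed versions 24.1 and 23.6.1 named above. The 'host,version' inventory format and the host names are assumptions made for illustration.

```python
import re

# Fixed versions per Adobe advisory APSB23-66, as stated on this page.
FIXED_BY_MAJOR = {23: (23, 6, 1), 24: (24, 1, 0)}

def parse_version(text):
    """Return the first dotted version in text as a 3-tuple, or None."""
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    major = v[0]
    if major > 24:
        # Assumption: major versions above 24 postdate the fix.
        return "fixed"
    # Releases older than 23.x fall under "23.6 and earlier".
    fixed = FIXED_BY_MAJOR[24] if major == 24 else FIXED_BY_MAJOR[23]
    return "vulnerable" if v < fixed else "fixed"

def audit(records):
    """Map host -> status for 'host,version' inventory lines."""
    results = {}
    for line in records:
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed inventory lines (hypothetical hosts), not real data.
SAMPLE = [
    "edit-ws-01,24.0.2",
    "edit-ws-02,24.1",
    "edit-ws-03,23.6",
    "edit-ws-04,23.6.1",
    "edit-ws-05,22.6.4",
    "edit-ws-06,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as 'unknown' had no parseable version and need a manual check.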
📡 Detection & Monitoring
Log Indicators:
- Application crashes or unexpected terminations of Adobe After Effects, especially when opening files.
Network Indicators:
- Unusual outbound connections from After Effects process post-file opening.
SIEM Query:
EventID=1000 (Application Error) AND (Source='AfterFX.exe' OR ProcessName='AfterFX') AND ExceptionCode LIKE '%ACCESS_VIOLATION%'